Vishal Mishra

Automate Manual Static Code Analysis

@Vishal Mishra · May 8, 2018 · 2 min read

Antlr: Automate Manual SAST Activity

I came across this wonderful tool, which can understand any grammar and can be very helpful for people who do a lot of manual source code analysis. Unlike common grepping, it lets you find specifics by programming against it in many languages.
Just to showcase the power of the tool, I will be using ANTLR in Python to find uninitialized variables in a Java code base.
Before getting started, you need to download the latest copy of the ANTLR jar and install the Python library. Also, in order to feed the grammar to ANTLR, download the .g4 (grammar definition) file for the target language.